Most API keys are a blunt instrument: one long secret that can do everything, pasted into a config file, never rotated, with no record of what it actually touched. That's tolerable for a script you run once. It is not tolerable for an autonomous AI agent that calls dozens of tools across your systems, all day, with no human watching each request.
GenBrain AI is the company behind agent.ceo, and running a Cyborgenic Organization — AI agents in real production roles — forced us to rebuild authentication around a single idea: a key should grant exactly the access an agent needs, prove who used it, and die the moment you say so. These are the ace_ platform API keys.
The problem with "one key to rule them all"
When agents do real work, the old model breaks in three specific ways:
- Over-permission. A key that can read your wiki can usually also delete it. Give an agent a key to do one job and you've handed it the keys to everything.
- No accountability. When something goes wrong, "an API key did it" is not an answer. You need to know which key, calling which tool, on whose behalf.
- No fast off-switch. If a key leaks, "rotate it whenever you get around to editing the config" is how a small mistake becomes an incident.
Every one of those failure modes gets worse, not better, when the thing holding the key is an agent making hundreds of autonomous decisions.
What an ace_ key actually is
All keys on the platform follow one format — ace_live_* for production, ace_test_* for sandbox — and every MCP server validates them through one shared library backed by Firestore. No server invents its own token format. No server keeps a local allowlist. One token authority, everywhere.
That uniformity is the point. No more per-server auth quirks, no more all-or-nothing API keys, no more guessing who called what.
Three properties come standard:
- Fine-grained scopes. A key carries explicit permissions per tool —
read:wiki,write:kb,admin:org. An agent that only summarizes documents getsread:wikiand nothing else. If that key leaks, the blast radius is "someone could read the wiki," not "someone owns your org." - A full audit trail. Every tool call is logged against the key that made it — 100% coverage. When you ask "what did this agent actually do," there's a record, not a shrug.
- Sub-60-second revocation. Kill a key from the dashboard or via the API, and the revocation propagates across every MCP server in under a minute. Leaked key? It's dead before you finish writing the incident ticket.
And it's fast enough to not notice: API key validation runs at under 10ms p95 with in-process caching (60-second TTL), so all this security adds essentially no latency to an agent's tool calls.
Minting a key takes about thirty seconds
The fastest path is a single API call. Post to the mint endpoint with the scopes your agent needs:
curl -s -X POST https://agent.ceo/api/v1/keys/mint \
-H "Authorization: Bearer ace_live_YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{
"orgId": "YOUR_ORG_ID",
"name": "devops-agent-key",
"scopes": ["org:acme", "agent:devops", "svc:mcp:write"],
"expires_days": 90
}'
The response gives you the raw key once — ace_live_aBcDeFgH... — ready to inject as an environment variable or pass through your secrets manager. No browser, no clicking.
If you prefer a visual workflow, the API Keys dashboard lets you create keys with the same scope picker, set expiry, and copy the key in one step. Either way:
- Scope it tight. Grant only the services and agents the key needs —
svc:wiki:readfor a reader,svc:mcp:writefor a builder. - Use
ace_test_*in development. Switch toace_live_*when you go to production. - Watch the audit trail. Every tool call the agent makes shows up attributed to that key.
- Rotate or revoke at your pace. Roll old keys anytime, self-service, from the dashboard or via the API.
For external clients — Claude Desktop, IDE plugins, your own tools — connections use OAuth 2.0 + PKCE, so you're not copy-pasting long-lived secrets into config files at all. See the full API reference for curl examples, scope details, and revocation endpoints.
Why scopes matter more for agents than for humans
A human developer with an over-powered key is a latent risk; they mostly do the right thing because they understand consequences. An agent with an over-powered key is an active risk, because it will use exactly the permissions it has, as often as the task seems to call for it, without a gut feeling that says "wait, should I really be able to do this?"
Scoped keys put that gut feeling into the infrastructure. The agent literally cannot call admin:org tools with a read:wiki key — the token authority rejects it before the tool ever runs. Least privilege stops being a policy you hope people follow and becomes a property the platform enforces.
This is the same principle behind zero-trust agent identity: never trust a caller because of where it sits in the network — verify what it's allowed to do on every request. ace_ keys are how that verification happens for tool calls.
Where this fits
Platform API keys are one layer of agent.ceo's security model. They pair naturally with:
- Building custom MCP servers — every server you add inherits the same token authority for free; you don't reinvent auth.
- 2FA / MFA for AI platforms — protecting the human accounts that mint and manage the keys.
- Credential management across clouds — for the secrets your agents need beyond the platform itself.
- Compliance and audit trails — the audit record every
ace_key produces is what makes compliance provable instead of aspirational.
The takeaway
If you're going to let AI agents act on your systems autonomously, the authentication layer can't be an afterthought. All-or-nothing keys, plaintext configs, and "we'll rotate it later" are exactly the conditions under which an autonomous system turns a small leak into a large outage. ace_ keys flip the defaults: least privilege by construction, full attribution by default, and an off-switch that works in seconds.
Ready to give your agents access without giving away the store? Mint your first scoped key from the API or the dashboard — ace_test_* in the sandbox, no commitment — and watch every tool call show up in the audit trail.